Boom CMS 8.0.7 Cross Site Scripting

Document Title: =============== Boom CMS v8.0.7 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2274 Release Date: ============= 2023-07-03 Vulnerability Laboratory ID VL-ID: ==================================== 2274...

Ciuis CRM 1.0.8 Add Administrator

==================================================================================================================================== | Title : Ciuis™ CRM v1.0.7 add administrator Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bi...

Microsoft Office 365 18.2305.1222.0 Remote Code Execution

Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege Vulnerability + RCE. Author: nu11secur1ty Date: 07.18.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference:...

Clip Share 4.1.4 Cross Site Scripting

==================================================================================================================================== | Title : Clip Share 4.1.4 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...

Buzzy News Viral Lists Polls And Videos 1.4 Insecure Settings

====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 1.4 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / brows...

Openfire Authentication Bypass / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Openfire authentication bypass with RCE plugin', 'Description' = %q Openfire is an XMPP server licensed under the Open Source...

Dooblou WiFi File Explorer 1.13.3 Cross Site Scripting

Document Title: =============== Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2317 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID:...

Aures Booking And POS Terminal Local Privilege Escalation

Document Title: =============== Aures Booking & POS Terminal - Local Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ====================================...

brsisCMS 1.0.2 Cross Site Scripting

==================================================================================================================================== | Title : brsisCMS v1.0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...

Bloly 1.3 SQL Injection

==================================================================================================================================== | Title : Bloly v1.3 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | | Vend...

CCOM Events CMS 0.1.02 SQL Injection

==================================================================================================================================== | Title : CCOM Events CMS v0.1.02 Sql injecion Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-b...

Carbiz Buy Sell Car Marketplace Script 1.2.0 Insecure Settings

====================================================================================================================================== | Title : Carbiz - Buy Sell Car Marketplace Script V 1.2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

Capitol Matrimonial Banquet Centre 1.5 SQL Injection

==================================================================================================================================== | Title : Capitol Matrimonial Banquet Centre v1.5 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Buzzy News Viral Lists Polls And Videos 1.3.2 Insecure Settings

====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 1.3.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

BookingWizz 5.5 Information Disclosure

==================================================================================================================================== | Title : BookingWizz v5.5 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

Business Website CMS 1.9 SQL Injection

==================================================================================================================================== | Title : Business Website CMS v1.9 Auth Bypass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Catpops Technobiz CMS 4.0 Cross Site Scripting

==================================================================================================================================== | Title : Catpops Technobiz CMS v4.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | ...

Ecommerce 1.15 Cross Site Scripting

Exploit Title: Ecommerce 1.15 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/ecommerce/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

MineStack 1.0 Cross Site Scripting

Exploit Title: MineStack 1.0 - Stored XSS Exploit Author: CraCkEr Date: 14/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/minestack-a-cloud-mining-platform/10 Tested on: Windows 10 Pro Impact: Manipulate the content of the site...

JobSeeker 1.5 Cross Site Scripting

Exploit Title: JobSeeker 1.5 - Reflected XSS Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/jobseeker/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

ChainCity Real Estate Investment Platform 1.0 Cross Site Scripting

Exploit Title: ChainCity Real Estate Investment Platform 1.0 - Stored XSS Exploit Author: skalvin aka CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://script.bugfinder.net/chaincity/ Tested on: Windows 10 Pro Impact: Manipulate the content...

Finounce 1.0 Cross Site Scripting

Exploit Title: Finounce 1.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/finounce-an-advance-peer-to-peer-crypto-exchange-platform/20 Tested on: Windows 10 Pro Impact: Manipulate the...

Admidio 4.2.10 Remote Code Execution

Exploit Title: Admidio v4.2.10 - Remote Code Execution RCE Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...

Clarity PPM 14.3.0.298 Cross Site Scripting

================================================================================================================================== Title : Insufficient input validation , in CA PPM 14.3 allows remote attackers to execute stored cross-site scripting attacks. | Author : Kaizen | Tested on : windows...

Lawyer CMS 1.6 Cross Site Scripting

Exploit Title: Lawyer CMS 1.6 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/lawyer/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

ICOGenie 1.0 Cross Site Scripting

Exploit Title: ICOGenie 1.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/icogenie-advanced-token-offering-script/21 Tested on: Windows 10 Pro Impact: Manipulate the content of the site...

Carlisting 1.6 Cross Site Scripting

Exploit Title: Carlisting 1.6 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/carlisting/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Th...

EX-RATE 1.0 Cross Site Scripting

Exploit Title: EX-RATE 1.0 - Stored XSS Exploit Author: CraCkEr Date: 14/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/ex-rate-a-complete-money-exchange-solution/14 Tested on: Windows 10 Pro Impact: Manipulate the content of the si...

Insurance 1.2 Cross Site Scripting

Exploit Title: Insurance 1.2 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/insurance/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

Icinga Web 2.10 Remote Code Execution

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution Date: 8/07/2023 Exploit Author: Dante CoronaAka. cxdxnt Software Link: https://github.com/Icinga/icingaweb2 Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version:...

RecipePoint 1.9 SQL Injection

Exploit Title: RecipePoint 1.9 - SQL Injection Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/recipepoint/ Tested on: Windows 10 Pro Impact: Database Access Description SQL injection attac...

BM IT CMS 1.0 Insecure Settings

==================================================================================================================================== | Title : BM IT CMS v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

Wedding Wonders 1.0 Cross Site Scripting

Exploit Title: Wedding Wonders 1.0 - Stored XSS Exploit Author: CraCkEr Date: 13/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/wedding-wonders-a-matrimonial-and-matchmaking-platform/17 Tested on: Windows 10 Pro Impact: Manipulate t...

Carlisting 1.6 SQL Injection

Exploit Title: Carlisting 1.6 - SQL Injection Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/carlisting/ Tested on: Windows 10 Pro Impact: Database Access Description SQL injection attacks...

Travelable 1.0 Cross Site Scripting

Exploit Title: Travelable 1.0 - Stored XSS Exploit Author: CraCkEr Date: 15/07/2023 Vendor: travelmate.com Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution Software Link: https://travel.codeswithbipin.com/ Tested on: Windows 10 Pro Impact: Manipulate the...

BloodBank 1.1 SQL Injection

Exploit Title: BloodBank 1.1 - SQL Injection Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/bloodbank/ Tested on: Windows 10 Pro Impact: Database Access Description SQL injection attacks c...

Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass

Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Date: 08/21/2019 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...

WBCE 1.6.1 Cross Site Scripting

Exploit Title: WBCE - Stored XSS Date: 07/2023 Exploit Author: Andrey Stoykov Version: 1.6.1 Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com Steps to Exploit: 1. Login to application 2. Browse to following URI "http://host/wbce/admin/pages/intro.php" 3. Paste XSS payload "TEST...

BloodBank 1.1 Cross Site Scripting

Exploit Title: BloodBank 1.1 - Reflected XSS Exploit Author: CraCkEr Date: 15/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/bloodbank/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

ChainCity Real Estate Investment Platform 1.0 SQL Injection

Exploit Title: ChainCity Real Estate Investment Platform 1.0 - SQL Injection Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://script.bugfinder.net/chaincity/ Tested on: Windows 10 Pro Impact: Database Access Description SQL...

News Portal 4.0 SQL Injection

Exploit Title: News Portal v4.0 - SQL Injection Unauthorized Date: 09/07/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/c Software Link:...

Listplace Directory Listing Platform 3.0 Cross Site Scripting

Exploit Title: Listplace Directory Listing Platform 3.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10 Pro Impact...

WinterCMS 1.2.2 Cross Site Scripting

Exploit Title: WinterCMS alertdocument.cookie; //P...

Montage 1.0 Cross Site Scripting

Exploit Title: Montage 1.0 Hotel Booking & Property Selling - Stored XSS Exploit Author: CraCkEr Date: 13/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/montage-a-complete-solution-for-hotel-booking-property-selling/16 Tested on:...

WordPress Force Images Download 1.8 CSRF / SSRF

Exploit Author : Etharus Vulnerability : Cross Site Request Forgery to Server Side Request Forgery Impact : internal ip disclosure , file extension bypass, internal port scan. Product Vendor : Nazakat Ali Version Tested : 1.8 Date : 14/07/2023 Fofa Dork :...

SASS BILLER 1.0 Cross Site Scripting

Exploit Title: SASS BILLER 1.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/sass-biller-a-sass-based-invoicing-and-billing-platform/19 Tested on: Windows 10 Pro Impact: Manipulate the...

ProjeQtOr Project Management System 10.4.1 Cross Site Scripting

Exploit Title: ProjeQtOr Project Management System V10.4.1 - Multiple XSS Version: V10.4.1 Bugs: Multiple XSS Technology: PHP Vendor URL: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV10.4.1.zip/download Date of found: 09.07.2023 Author:...

Pluck 4.7.18 Remote Code Execution

Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...

Buzzy News Viral Lists Polls And Videos 1.3.1 Insecure Settings

====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 1.3.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

BrightCube LMS 2.0.1 SQL Injection

==================================================================================================================================== | Title : BrightCube LMS v2.0.1 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0.332-bi...